← 返回 Skills 市场
443
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install powerskills
功能描述
Windows automation toolkit for AI agents. Provides Outlook email/calendar, Edge browser (CDP), desktop screenshots/window management, and shell commands via...
安全使用建议
Do not install or run this skill until you verify what will actually execute. Key points to check: 1) The package currently contains only documentation and config.json — there are no powerskills.ps1 or per-skill .ps1 scripts listed; ask the publisher where the code is or obtain the full repository and inspect the scripts before running. 2) If you do run code, do not change execution policy system-wide; prefer one-off invocation with PowerShell -ExecutionPolicy Bypass and do so in an isolated/test VM. 3) The documented capabilities can read Outlook mail, environment variables, and execute arbitrary commands and browser JS — these can exfiltrate secrets. Only run under a non-admin, non-sensitive account and after reviewing every script. 4) If you cannot inspect the scripts (missing or remotely fetched), treat the skill as untrusted. 5) Consider disabling autonomous invocation for the agent or restricting this skill until you confirm its provenance and contents.
功能分析
Type: OpenClaw Skill
Name: powerskills
Version: 0.1.0
The PowerSkills bundle provides high-risk administrative primitives including arbitrary PowerShell execution (system exec), JavaScript evaluation in the browser (browser evaluate), and desktop keystroke injection (desktop keys). It also grants full access to Outlook emails, calendars, and browser session data. While these are presented as automation tools, the lack of any documented security constraints or input sanitization makes the toolkit a potent vehicle for data exfiltration and remote control, as seen in skills/system/SKILL.md, skills/browser/SKILL.md, and skills/outlook/SKILL.md.
能力评估
Purpose & Capability
The SKILL.md advertises a CLI entrypoint (powerskills.ps1) and per-skill .ps1 scripts for Outlook, browser, desktop, and system actions, but the provided file manifest contains only documentation and config.json — no executable .ps1 files. That is a clear mismatch: the skill promises capabilities that cannot be delivered from the included files, which could indicate missing artifacts or that the skill expects the agent/user to fetch or already have external scripts.
Instruction Scope
The runtime instructions tell the agent to change PowerShell execution policy (Set-ExecutionPolicy RemoteSigned or use Bypass), start Edge with remote debugging, run powerskills.ps1 and per-skill .ps1 scripts, and expose actions that read Outlook messages, evaluate arbitrary JavaScript in pages, capture screenshots, send keystrokes, read environment variables, and run arbitrary shell commands. Those actions are powerful and can access sensitive data (email bodies, addresses, env vars, files) and perform arbitrary command execution — the documentation gives broad authority without constraints. Additionally, the scripts the docs reference are not present in the bundle.
Install Mechanism
There is no install spec (instruction-only), so nothing in the bundle will be written or executed automatically. That lowers risk from hidden downloads, but the docs explicitly instruct running local PowerShell scripts (which are absent) and changing execution policy or invoking PowerShell with ExecutionPolicy Bypass — both of which affect system behavior and could enable running external code if the user later fetches scripts.
Credentials
The skill declares no required environment variables or credentials (proportionate), but the documented actions include reading arbitrary environment variables and executing shell commands. While these capabilities are consistent with a 'system' skill, they are high-privilege operations relative to many users' expectations (especially Outlook access and arbitrary exec), and the SKILL.md does not limit which env vars or files may be read.
Persistence & Privilege
The instructions recommend setting the user's PowerShell execution policy (Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned) or using ExecutionPolicy Bypass. Changing execution policy is a persistent, system-level change that weakens script execution protections. The skill is not marked always:true, but the docs encourage actions that persist and broaden attack surface if malicious or mistaken scripts are later run.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install powerskills - 安装完成后,直接呼叫该 Skill 的名称或使用
/powerskills触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release - Outlook, Edge browser, desktop, and system automation for Windows via PowerShell
元数据
常见问题
PowerSkills 是什么?
Windows automation toolkit for AI agents. Provides Outlook email/calendar, Edge browser (CDP), desktop screenshots/window management, and shell commands via... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 443 次。
如何安装 PowerSkills?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install powerskills」即可一键安装,无需额外配置。
PowerSkills 是免费的吗?
是的,PowerSkills 完全免费(开源免费),可自由下载、安装和使用。
PowerSkills 支持哪些平台?
PowerSkills 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 PowerSkills?
由 aloth(@aloth)开发并维护,当前版本 v0.1.0。
推荐 Skills